authorThomas <>2021-05-14 11:50:01 +0200
committerThomas <>2022-03-03 16:31:56 +0100
commit45b0a790ad412e6b7118f1c937b620c66a32fd64 (patch)
tree24e7876b81ff141139fcc8cf826c7c16488c9673 /eidas_modules
parentb419fcc99808d550490b7a4bf1e03baf4cacc6fc (diff)
downloadNational_eIDAS_Gateway-45b0a790ad412e6b7118f1c937b620c66a32fd64.tar.gz
National_eIDAS_Gateway-45b0a790ad412e6b7118f1c937b620c66a32fd64.tar.bz2
National_eIDAS_Gateway-45b0a790ad412e6b7118f1c937b620c66a32fd64.zip
add some TODOs for eIDAS Proxy-Service with mandates and fix some rebase errors
Diffstat (limited to 'eidas_modules')
-rw-r--r--eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java4
-rw-r--r--eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java184
2 files changed, 101 insertions, 87 deletions
diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
index 8151b429..555f4e47 100644
--- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
+++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
@@ -182,7 +182,9 @@ public class RequestIdAustriaSystemTask extends AbstractAuthServletTask {
StringUtils.join(mandateProfiles, ","));
}
-
+
+ //TODO: set force-mandates flag
+
return attributs;
}
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
index 8e417c36..fda1652e 100644
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
@@ -41,44 +41,46 @@ import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
import lombok.extern.slf4j.Slf4j;
/**
- * End-point implementation for authentication requests from eIDAS Proxy-Service
+ * End-point implementation for authentication requests from eIDAS Proxy-Service
* to MS-specific eIDAS Proxy-Service.
- *
+ *
* @author tlenz
*
*/
@Slf4j
@Controller
public class EidasProxyServiceController extends AbstractController implements IModulInfo {
-
+
private static final String ERROR_01 = "eidas.proxyservice.01";
private static final String ERROR_02 = "eidas.proxyservice.02";
private static final String ERROR_03 = "eidas.proxyservice.03";
private static final String ERROR_04 = "eidas.proxyservice.04";
private static final String ERROR_05 = "eidas.proxyservice.05";
-
+
public static final String PROTOCOL_ID = "eidasProxy";
-
- @Autowired private EidasAttributeRegistry attrRegistry;
-
+
+ @Autowired
+ private EidasAttributeRegistry attrRegistry;
+
/**
- * End-point that receives authentication requests from eIDAS Node.
- *
- * @param httpReq Http request
+ * End-point that receives authentication requests from eIDAS Node.
+ *
+ * @param httpReq Http request
* @param httpResp Http response
- * @throws IOException In case of general error
+ * @throws IOException In case of general error
* @throws EaafException In case of a validation or processing error
*/
- @RequestMapping(value = {
- MsProxyServiceConstants.EIDAS_HTTP_ENDPOINT_IDP_POST,
- MsProxyServiceConstants.EIDAS_HTTP_ENDPOINT_IDP_REDIRECT
+ @RequestMapping(value = {
+ MsProxyServiceConstants.EIDAS_HTTP_ENDPOINT_IDP_POST,
+ MsProxyServiceConstants.EIDAS_HTTP_ENDPOINT_IDP_REDIRECT
},
method = { RequestMethod.POST, RequestMethod.GET })
- public void receiveEidasAuthnRequest(HttpServletRequest httpReq, HttpServletResponse httpResp) throws IOException,
+ public void receiveEidasAuthnRequest(HttpServletRequest httpReq, HttpServletResponse httpResp)
+ throws IOException,
EaafException {
log.trace("Receive request on eidas proxy-service end-points");
- ProxyServicePendingRequest pendingReq = null;
- try {
+ ProxyServicePendingRequest pendingReq = null;
+ try {
// get token from Request
final String tokenBase64 = httpReq.getParameter(EidasParameterKeys.TOKEN.toString());
if (StringUtils.isEmpty(tokenBase64)) {
@@ -89,57 +91,58 @@ public class EidasProxyServiceController extends AbstractController implements I
log.trace("Receive eIDAS-node token: {}. Searching authentication request from eIDAS Proxy-Service ...",
tokenBase64);
- //read authentication request from shared cache
+ // read authentication request from shared cache
final SpecificCommunicationService specificProxyCommunicationService =
(SpecificCommunicationService) applicationContext.getBean(
- SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE.toString());
+ SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE
+ .toString());
final ILightRequest eidasRequest = specificProxyCommunicationService.getAndRemoveRequest(
tokenBase64,
ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes()));
- log.debug("Received eIDAS auth. request from: {}, Initializing authentication environment ... ",
+ log.debug("Received eIDAS auth. request from: {}, Initializing authentication environment ... ",
eidasRequest.getSpCountryCode() != null ? eidasRequest.getSpCountryCode() : "'missing SP-country'");
-
+
// create pendingRequest object
pendingReq = applicationContext.getBean(ProxyServicePendingRequest.class);
pendingReq.initialize(httpReq, authConfig);
pendingReq.setModule(getName());
-
+
// log 'transaction created' event
revisionsLogger.logEvent(EventConstants.TRANSACTION_CREATED,
pendingReq.getUniqueTransactionIdentifier());
revisionsLogger.logEvent(pendingReq.getUniqueSessionIdentifier(),
pendingReq.getUniqueTransactionIdentifier(), EventConstants.TRANSACTION_IP,
httpReq.getRemoteAddr());
-
- //validate eIDAS Authn. request and set into pending-request
+
+ // validate eIDAS Authn. request and set into pending-request
validateEidasAuthnRequest(eidasRequest);
pendingReq.setEidasRequest(eidasRequest);
-
- //generate Service-Provider configuration from eIDAS request
- ISpConfiguration spConfig = generateSpConfigurationFromEidasRequest(eidasRequest);
-
- // populate pendingRequest with parameters
+
+ // generate Service-Provider configuration from eIDAS request
+ final ISpConfiguration spConfig = generateSpConfigurationFromEidasRequest(eidasRequest);
+
+ // populate pendingRequest with parameters
pendingReq.setOnlineApplicationConfiguration(spConfig);
pendingReq.setSpEntityId(spConfig.getUniqueIdentifier());
pendingReq.setPassiv(false);
pendingReq.setForce(true);
-
+
// AuthnRequest needs authentication
pendingReq.setNeedAuthentication(true);
-
+
// set protocol action, which should be executed after authentication
pendingReq.setAction(ProxyServiceAuthenticationAction.class.getName());
-
+
// switch to session authentication
protAuthService.performAuthentication(httpReq, httpResp, pendingReq);
-
- } catch (EidasProxyServiceException e) {
+
+ } catch (final EidasProxyServiceException e) {
throw e;
-
+
} catch (final SpecificCommunicationException e) {
log.error("Can not read eIDAS Authn request from shared cache. Reason: {}", e.getMessage());
- throw new EidasProxyServiceException(ERROR_03, new Object[] {e.getMessage()}, e);
-
+ throw new EidasProxyServiceException(ERROR_03, new Object[] { e.getMessage() }, e);
+
} catch (final Throwable e) {
// write revision log entries
if (pendingReq != null) {
@@ -149,115 +152,124 @@ public class EidasProxyServiceController extends AbstractController implements I
throw new EidasProxyServiceException(ERROR_01, new Object[] { e.getMessage() }, e);
}
-
+
}
@Override
public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response,
IRequest protocolRequest) throws Throwable {
-
- //TODO: implement error handling for eIDAS Node communication
+
+ // TODO: implement error handling for eIDAS Node communication
return false;
-
+
}
-
+
@Override
public String getName() {
return EidasProxyServiceController.class.getName();
-
+
}
@Override
public String getAuthProtocolIdentifier() {
return PROTOCOL_ID;
-
+
}
@Override
public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
return true;
-
+
}
-
+
/**
* Validate incoming eIDAS request.
- *
+ *
* @param eidasRequest Incoming eIDAS authentication request
* @throws EidasProxyServiceException In case of a validation error
*/
private void validateEidasAuthnRequest(ILightRequest eidasRequest) throws EidasProxyServiceException {
if (StringUtils.isEmpty(eidasRequest.getSpCountryCode())) {
throw new EidasProxyServiceException(ERROR_05, null);
-
+
}
-
- //TODO: validate requested attributes
-
- //TODO: validate some other stuff
-
+
+ /*
+ * TODO: validate requested attributes --> check if natural-person and
+ * legal-person attributes requested in parallel
+ */
+
+ // TODO: validate some other stuff
+
}
/**
* Generate a dummy Service-Provider configuration for processing.
- *
+ *
* @param eidasRequest Incoming eIDAS authentication request
* @return Service-Provider configuration that can be used for authentication
* @throws EidasProxyServiceException In case of a configuration error
*/
- private ISpConfiguration generateSpConfigurationFromEidasRequest(ILightRequest eidasRequest)
- throws EidasProxyServiceException {
+ private ISpConfiguration generateSpConfigurationFromEidasRequest(ILightRequest eidasRequest)
+ throws EidasProxyServiceException {
try {
- String spCountry = eidasRequest.getSpCountryCode();
- Map<String, String> spConfigMap = new HashMap<>();
+ final String spCountry = eidasRequest.getSpCountryCode();
+ final Map<String, String> spConfigMap = new HashMap<>();
- //TODO: how we get the EntityId from eIDAS connector?
+ // TODO: how we get the EntityId from eIDAS connector?
spConfigMap.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER,
- MessageFormat.format(MsProxyServiceConstants.TEMPLATE_SP_UNIQUE_ID,
+ MessageFormat.format(MsProxyServiceConstants.TEMPLATE_SP_UNIQUE_ID,
spCountry, eidasRequest.getSpType()));
-
- ServiceProviderConfiguration spConfig = new ServiceProviderConfiguration(spConfigMap, authConfig);
-
+
+ final ServiceProviderConfiguration spConfig = new ServiceProviderConfiguration(spConfigMap, authConfig);
+
final String ccCountry = authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE,
Constants.DEFAULT_MS_NODE_COUNTRY_CODE);
-
+
spConfig.setBpkTargetIdentifier(
- EaafConstants.URN_PREFIX_EIDAS + ccCountry + "+" + spCountry);
+ EaafConstants.URN_PREFIX_EIDAS + ccCountry + "+" + spCountry);
spConfig.setRequiredLoA(
eidasRequest.getLevelsOfAssurance().stream().map(el -> el.getValue()).collect(Collectors.toList()));
-
+
+ // TODO: check if only mandates are allowed in case of legal person requested
+ // --> set force-mandate flag
spConfig.setMandateProfiles(buildMandateProfileConfiguration(eidasRequest));
-
-
+
return spConfig;
-
- } catch (EaafException e) {
- throw new EidasProxyServiceException(ERROR_04, new Object[] {e.getMessage()}, e);
-
- }
+
+ } catch (final EaafException e) {
+ throw new EidasProxyServiceException(ERROR_04, new Object[] { e.getMessage() }, e);
+
+ }
}
private List<String> buildMandateProfileConfiguration(ILightRequest eidasRequest) {
if (authConfig.getBasicConfigurationBoolean(
MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, false)) {
- log.trace("eIDAS Proxy-Service allows mandates. Selecting profiles ... ");
- List<String> spMandateProfiles = authConfig.getBasicConfigurationWithPrefix(
+ log.trace("eIDAS Proxy-Service allows mandates. Selecting profiles ... ");
+
+ /*
+ * TODO: split profiles in natural-person and legal-person profiles and select
+ * correct one based on requested attributes
+ */
+ final List<String> spMandateProfiles = authConfig.getBasicConfigurationWithPrefix(
MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC)
- .entrySet().stream()
- .filter(el -> el.getKey().endsWith(eidasRequest.getSpCountryCode().toLowerCase()))
- .findFirst()
- .map(el -> KeyValueUtils.getListOfCsvValues(el.getValue()))
- .orElse(KeyValueUtils.getListOfCsvValues(
- authConfig.getBasicConfiguration(
- MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT)));
-
+ .entrySet().stream()
+ .filter(el -> el.getKey().endsWith(eidasRequest.getSpCountryCode().toLowerCase()))
+ .findFirst()
+ .map(el -> KeyValueUtils.getListOfCsvValues(el.getValue()))
+ .orElse(KeyValueUtils.getListOfCsvValues(
+ authConfig.getBasicConfiguration(
+ MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT)));
+
log.debug("Set mandate-profiles: {} to request from country: {}",
spMandateProfiles, eidasRequest.getSpCountryCode());
return spMandateProfiles;
-
+
}
-
+
return Collections.emptyList();
-
+
}
}
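Review bot: The country-code comparison in buildMandateProfileConfiguration (the `.filter` line on the new side) lower-cases with the JVM default locale; `toLowerCase()` is locale-sensitive, so under a Turkish default locale a code such as "IT" becomes "ıt", never matches a key ending in "it", and the request silently falls back to the default profile list. Use `eidasRequest.getSpCountryCode().toLowerCase(Locale.ROOT)` (needs a `java.util.Locale` import, which is outside this hunk). Also, `endsWith` combined with `findFirst` selects the first map entry whose key merely ends with the country code; if more than one configured key can match, which profile list is chosen depends on the iteration order of the map returned by `getBasicConfigurationWithPrefix`, which is not visible here, so matching the exact key suffix after the prefix separator would be more robust.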